What specifically is broken? Do you have a list of ITSs? We currently
use this code but I believe the same functionality can also be achieved
by using SASL/saslauthd and {SASL} or am I mistaken? If I can't get the
same functionality with SASL I may have to look at the code myself.
"Kurt D. Zeilenga" wrote:
>
> At 08:32 AM 10/15/2003, Allan E Johannesen wrote:
> >It appears that the --enable-kpasswd option is gone from openldap 2.1.23
>
> Use
> env ol_enable_kpasswd=yes ./configure
> instead.
>
> That is, the feature (as broken as it is) still remains.
>
> >I recall some discussion about the {kerberos} option in the user password, but
> >I thought that the concensus was that people were using this didn't want it to
> >be discontinued.
>
> The code was disabled not because too feature wanted support for it
> to be continued, but because too few people stood up and supported
> the code. That is, the code is broken and nobody seems willing to
> fix it.
>
> The project long standing approach to broken code is to phase it
> out. Disabling configure options is one of the first phases in
> this process. It's generally followed by moving the broken code
> to the Attic.
>
> If just one person using this code were to start to maintaining it,
> the process would likely be halted and maybe even reversed.
>
> >I guess I was wrong and the decision was made to remove it.
>
> A policy was established long ago that broken code is to be
> phased out. This code has been considered broken for quite
> some time (as evident by the many ITSs). The lack of action
> by those wanting this feature to be supported to resolve
> outstanding issues lead to my recent action to start the
> phasing out the code.
>
> >It didn't seem to warrant a line in the release notes.
>
> Yes.
>
> >Is that gone for good? Is it a mistake in the release?
>
> See above. No.
>
> >What should people do for id/password authentication from now on?
>
> I wouldn't suggest you use Kerberos for username/password
> authentication.